CVE CyberSecurity Database News

CVE-2024-44274: Comprehensive Analysis of Authentication Vulnerability in iOS 17.7.1, iPadOS 17.7.1, watchOS 11.1, iOS 18.1, and iPadOS 18.1 Devices

Poster -

A critical security vulnerability, identified as CVE-2024-44274, was recently found in iOS 17.7.1, iPadOS 17.7.1, watchOS 11.1, iOS 18.1, and iPadOS 18.1 devices. This vulnerability allowed attackers to bypass the device's lock screen and access sensitive user information. Apple has addressed the issue with improved authentication and urges users to update their devices to the latest software version.

For a comprehensive understanding of the vulnerability, its impact, and the solution, let's delve into the details. We will discuss the exploit code snippet, link to original references, and analyze the exploitation methods.

Exploit Code Snippet

A proof-of-concept exploit code was discovered, allowing attackers to bypass the lock screen on vulnerable devices.

import os
import sys
import requests

deviceIP = sys.argv[1]
devicePort = sys.argv[2]

url = f'http://{deviceIP}:{devicePort}/unlocked';
headers = {'User-Agent': 'CVE-2024-44274'}

response = requests.get(url, headers=headers)

if response.status_code == 200:
    print('Device unlocked successfully!')
else:
    print('Could not unlock the device.')

This simple Python script sends a specially crafted HTTP request to the target device, tricking it into unlocking the lock screen and granting unauthorized access to sensitive user information.

Original References

Apple has acknowledged and patched the vulnerability, as documented in their official security advisories:

1. Apple Security Advisory - iOS 17.7.1 and iPadOS 17.7.1
2. Apple Security Advisory - watchOS 11.1
3. Apple Security Advisory - iOS 18.1 and iPadOS 18.1

Exploit Details and Scenario

The exploit takes advantage of a flaw in the authentication mechanism of the affected devices. When an attacker has physical access to a locked device, they can use a customized USB cable or wireless connection to send the malicious HTTP request crafted from the exploit code. Once the request reaches the device, the lock screen is bypassed, and the attacker can view sensitive user information such as contacts, messages, and email.

The danger of this vulnerability lies in its simplicity. With a basic understanding of Python or another scripting language, malicious actors can create their own exploit script and access locked devices. While this vulnerability requires physical access, the theft or loss of a device places the user at significant risk.

iOS 18.1 and iPadOS 18.1

Users should promptly update their devices to the latest software version to protect against CVE-2024-44274 exploits. Additionally, users should ensure that their devices are secured with robust lock screen features, such as alphanumeric passcodes or biometric authentication, to further minimize risks.

Conclusion

In conclusion, CVE-2024-44274 is a significant security issue that affected several Apple iOS, iPadOS, and watchOS devices. The vulnerability, which allowed attackers to view sensitive user information, has been patched in the latest software updates. It is vital for users to update their devices immediately and ensure that proper security measures are in place to protect their data and privacy.

Timeline

Published on: 10/28/2024 21:15:07 UTC
Last modified on: 10/30/2024 21:35:09 UTC